WO2017028323A1 - Radio frequency fingerprint-based cross-layer authentication method - Google Patents

Radio frequency fingerprint-based cross-layer authentication method

Publication number
WO2017028323A1
Authority
WO
WIPO (PCT)
Prior art keywords
radio frequency
frequency fingerprint
legal
sender
data packet
Application number
PCT/CN2015/087880
Other languages
French (fr)
Chinese (zh)
Inventor
文红
张金玲
廖润发
唐杰
潘绯
Original Assignee
电子科技大学
Application filed by 电子科技大学
Priority to US15/310,780 (US10251058B2)
Publication of WO2017028323A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/79 Radio fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W72/00 Local resource management
    • H04W72/04 Wireless resource allocation
    • H04W72/044 Wireless resource allocation based on the type of the allocated resource
    • H04W72/0446 Resources in time domain, e.g. slots or frames

Definitions

  • The present invention relates to the field of information security technologies, and in particular to a cross-layer authentication method based on radio frequency fingerprints.
  • For resource-constrained situations, a lightweight cryptographic security scheme based on TESLA technology has been proposed.
  • Although TESLA is one of the best known solutions, it still requires synchronization between nodes and is vulnerable to denial of service attacks.
  • The attacker blocks the legitimate sender by continuously sending time synchronization requests.
  • Most wireless communication solutions now only authenticate the first frame when accessing the network, and do not authenticate subsequent packets. This can lead to many security issues, such as ID tracking, man-in-the-middle attacks, and malicious node attacks.
  • The uniqueness of the radio frequency (RF) fingerprint is another important resource for identifying the state of the transmitter. This uniqueness is related to the electrical components, the printed circuit board traces, the internal paths of the integrated circuits, and the filter output of the wireless transmitter as displayed at RF by a high-precision, high-bandwidth oscilloscope, and the differences are reflected in the transient signals.
  • The RF fingerprints of devices from different manufacturers vary widely. According to reports, even wireless network cards of the same series have different radio frequency fingerprints; radio frequency fingerprints therefore differ considerably and can be used to identify wireless transmitters.
  • The object of the present invention is to overcome the deficiencies of the prior art and provide a cross-layer authentication method based on radio frequency fingerprint, which has the characteristics of low complexity, small delay and high precision, and is very suitable for a resource-limited authentication environment.
  • a cross-layer authentication method based on radio frequency fingerprint including the following step:
  • the legal sender A sends the first data packet to the legal receiver B, and performs upper layer authentication on the first data packet.
  • If the upper layer authentication succeeds, the trust connection between the legal sender A and the legal receiver B is established, and the process proceeds to step S2;
  • If the upper layer authentication fails, step S1 is repeated;
  • the legal receiver B extracts the radio frequency fingerprint feature vector of the legal sender A, and stores the radio frequency fingerprint feature vector in the memory of the legal receiver B;
  • the sender X sends the second data packet to the legal receiver B, and the legal receiver B extracts the radio frequency fingerprint feature vector of the sender X.
  • the legal receiver B performs radio frequency fingerprint authentication on the radio frequency fingerprint feature vector of the sender X in step S3 according to the radio frequency fingerprint feature vector, that is, determines the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vector sample;
  • If the similarity is greater than or equal to the set threshold, the radio frequency fingerprint authentication is successful, the sender X is the legal sender A, the radio frequency fingerprint feature vector of the sender X is stored in the memory of the legal receiver B, and the process returns to step S3;
  • If the similarity is less than the set threshold, the radio frequency fingerprint authentication fails, the sender X is the attacker E, the legal receiver B discards the second data packet, and the process proceeds to step S1.
  • the upper layer authentication uses digital signature authentication based on public key infrastructure or TESLA based authentication.
  • Step S1 includes the following substeps:
  • The legal sender A is assigned an anonymous public/private key pair <pubK_A, priK_A> with a certain lifetime; the certificate of the public/private key pair <pubK_A, priK_A> is Cert_A.
  • The virtual ID of the public/private key pair <pubK_A, priK_A> is PVID_A;
  • The legal receiver B is assigned an anonymous public/private key pair <pubK_B, priK_B> with a certain lifetime; the certificate of the public/private key pair <pubK_B, priK_B> is Cert_B, and the virtual ID of the public/private key pair <pubK_B, priK_B> is PVID_B;
  • the legitimate sender A uses the private key priK A to sign the hash message of the first data packet, and the first data packet is represented as Then the first packet Send to legal recipient B, ie:
  • If the signature verification succeeds, the legal receiver B considers the sender of the first data packet to be the legal sender A, and a trust connection between the legal sender A and the legal receiver B is established;
  • If the signature verification fails, the legal receiver B discards the first data packet and the process returns to step S12.
  • the steps of the legal receiver B extracting the radio frequency fingerprint feature vector of the legal sender A and the legal receiver B extracting the radio frequency fingerprint feature vector of the sender X include the following steps:
  • the legal receiver B receives the radio frequency signal
  • the legal receiver B uses the Hilbert transform to parse the received radio frequency signal, then calculates the instantaneous phase of the radio frequency signal, and detects the transient signal by the phase detection method;
  • the legal receiver B obtains a smooth instantaneous envelope curve by using a wavelet analysis transform method
  • The recognizers used in step S5 for performing radio frequency fingerprint authentication are an SVM recognizer and a BP neural network recognizer.
  • the verification algorithm for performing radio frequency fingerprint authentication in the step S5 is a likelihood ratio test method or a sequential probability ratio test method.
  • the step of setting a threshold is also included before the step S5.
  • the radio frequency fingerprint feature sample in the step S4 includes one or more of the radio frequency fingerprint feature vectors stored in the memory of the legal recipient B.
  • The present invention uses public key infrastructure-based digital signature authentication or TESLA-based authentication only for the first data packet, as the upper-layer identity authentication performed when the trusted connection between the legal sender A and the legal receiver B is established.
  • The authentication of the subsequent data packets is realized by radio frequency fingerprint authentication, which has the characteristics of low computational complexity and small delay;
  • The time interval between two time slots may be several hours or even several days, provided that the radio frequency fingerprint authentication does not fail and the communication stays connected;
  • FIG. 1 is a flowchart of a cross-layer authentication method based on radio frequency fingerprint according to the present invention
  • Figure 3 is an embodiment of the present invention.
  • the cross-layer authentication method based on radio frequency fingerprint includes the following steps:
  • the legal sender A sends the first data packet to the legal receiver B, and performs upper layer authentication on the first data packet.
  • If the upper layer authentication succeeds, the trust connection between the legal sender A and the legal receiver B is established, and the process proceeds to step S2;
  • If the upper layer authentication fails, step S1 is repeated.
  • the identity authentication of the first data packet uses digital signature authentication based on public key infrastructure or TESLA based authentication.
  • Step S1 includes the following sub-steps:
  • The legal sender A is assigned an anonymous public/private key pair <pubK_A, priK_A> with a certain lifetime; the certificate of the public/private key pair <pubK_A, priK_A> is Cert_A.
  • The virtual ID of the public/private key pair <pubK_A, priK_A> is PVID_A;
  • The legal receiver B is assigned an anonymous public/private key pair <pubK_B, priK_B> with a certain lifetime; the certificate of the public/private key pair <pubK_B, priK_B> is Cert_B, and the virtual ID of the public/private key pair <pubK_B, priK_B> is PVID_B; the public/private key pair <pubK_A, priK_A> and the public/private key pair <pubK_B, priK_B> have a lifetime of a few minutes.
  • the legitimate sender A uses the private key priK A to sign the hash message of the first data packet, and the first data packet is represented as Then the first packet Send to legal recipient B, ie:
  • T_1 is the current timestamp.
  • If the signature verification succeeds, the legal receiver B considers the sender of the first data packet to be the legal sender A, and a trusted connection between the legal sender A and the legal receiver B is established.
  • If the signature verification fails, the legal receiver B discards the first data packet and the process returns to step S12.
  • the legal receiver B extracts the radio frequency fingerprint feature vector of the legal sender A, and stores the radio frequency fingerprint feature vector in the memory of the legal receiver B.
  • the sender X sends the second data packet to the legal receiver B, and the legal receiver B extracts the radio frequency fingerprint feature vector of the sender X.
  • the steps of the legal receiver B extracting the radio frequency fingerprint feature vector of the legal sender A and the legal receiver B extracting the radio frequency fingerprint feature vector of the sender X include the following steps:
  • the legal receiver B receives the radio frequency signal
  • the legal receiver B uses the Hilbert transform to parse the received radio frequency signal, then calculates the instantaneous phase of the radio frequency signal, and detects the transient signal by the phase detection method;
  • the legal receiver B obtains a smooth instantaneous envelope curve by using a wavelet analysis transform method
  • the radio frequency fingerprint feature sample in the step S4 includes one or more of the radio frequency fingerprint feature vectors stored in the memory of the legal receiver B, that is, the legal receiver B determines the radio frequency fingerprint feature vector and the radio frequency of the sender X.
  • The radio frequency fingerprint feature vector sample includes the (k-S-1)th to (k-1)th radio frequency fingerprint feature vectors stored by the legal receiver B, where the value of S is determined by the verification algorithm.
  • The legal receiver B performs radio frequency fingerprint authentication on the radio frequency fingerprint feature vector of the sender X in step S3 according to the radio frequency fingerprint feature vector, that is, determines the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vectors included in the radio frequency fingerprint feature vector sample;
  • If the similarity is greater than or equal to the set threshold, the radio frequency fingerprint authentication is successful, the sender X is the legal sender A, the radio frequency fingerprint feature vector of the sender X is stored in the memory of the legal receiver B, and the process returns to step S3;
  • If the similarity is less than the set threshold, the radio frequency fingerprint authentication fails, the sender X is the attacker E, the legal receiver B discards the second data packet, and the process proceeds to step S1.
  • The recognizers used in step S5 for performing radio frequency fingerprint authentication are an SVM recognizer and a BP neural network recognizer.
  • The legal receiver B uses the SVM recognizer and the BP neural network recognizer to identify the radio frequency fingerprint feature vector according to the radio frequency fingerprint feature vector sample, thereby performing radio frequency fingerprint verification on the received data packet.
  • the verification algorithm for performing radio frequency fingerprint authentication in the step S5 is a likelihood ratio test method or a sequential probability ratio test method.
  • the verification algorithm determines the RF fingerprint feature vector contained in the RF fingerprint feature vector sample.
  • the step of setting a threshold is also included before the step S5.
  • The invention uses public key infrastructure-based digital signature authentication or TESLA-based authentication only for the first data packet, as the upper-layer identity authentication performed when the trusted connection between the legal sender A and the legal receiver B is established; in subsequent time slots, as long as the RF fingerprint authentication does not fail and the communication between the legal sender A and the legal receiver B stays connected, the legal receiver B only needs to perform radio frequency fingerprint authentication on the received data packets, which has low computational complexity and low delay.
  • The time interval between two time slots may be several hours or even several days, provided that the radio frequency fingerprint authentication does not fail and the communication stays connected; when the radio frequency fingerprint authentication fails, or the communication is interrupted and the connection needs to be re-established, upper layer authentication of the data packet is required again.
  • The difference in the characteristics of the radio frequency fingerprint is reflected in the transient signal.
  • The attacker E cannot obtain the radio frequency fingerprint feature of the legal sender A extracted by the legal receiver B, and therefore cannot tamper with, forward or forge the data packets sent by the legal sender A, which ensures communication security.
  • the legitimate sender A sends the first data packet to the legal receiver B
  • The legal receiver B uses digital signature authentication based on the public key infrastructure to authenticate the first data packet: if the authentication succeeds, the RF fingerprint feature vector RF_AB,1 of the legal sender A is extracted and saved; if the authentication fails, the current data packet is discarded, the legal sender A resends the first data packet, and the legal receiver B again authenticates the first data packet using digital signature authentication based on the public key infrastructure.
  • the sender X sends the second data packet to the legal receiver B.
  • The legal receiver B extracts the RF fingerprint feature vector RF_AB,2 of the sender X; the legal receiver B uses the likelihood ratio test or the sequential probability ratio test to perform RF fingerprint authentication on the RF fingerprint feature vector RF_AB,2 according to the RF fingerprint feature vector RF_AB,1; if the RF fingerprint authentication is successful, the RF fingerprint feature vector RF_AB,2 is saved, and the sender X sends the next data packet to the legal receiver B; if the RF fingerprint authentication fails, the current data packet is discarded, the legal sender A resends the first data packet, and the legal receiver B authenticates the first data packet by using digital signature authentication based on the public key infrastructure.
  • the sender X sends the Kth packet to the legal receiver B.
  • The legal receiver B extracts the RF fingerprint feature vector RF_AB,k of the sender X and, according to the RF fingerprint feature vectors RF_AB,k-1, . . . , uses the likelihood ratio test or the sequential probability ratio test method to perform RF fingerprint authentication on the RF fingerprint feature vector RF_AB,k, where the value of S is determined by the selected algorithm; if the RF fingerprint authentication is successful, the RF fingerprint feature vector RF_AB,k is saved, and the sender X sends the next data packet to the legal receiver B; if the RF fingerprint authentication fails, the current data packet is discarded, the legal sender A resends the first data packet, and the legal receiver B authenticates the first data packet using digital signature authentication based on the public key infrastructure.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed is a radio frequency fingerprint-based cross-layer authentication method. The method comprises the following steps: S1, in a first timeslot, an authorized sender A sends a first data packet to an authorized receiver B, and upper-layer authentication is carried out on the first data packet; S2, extract a radio frequency fingerprint characteristic vector of the authorized sender A, and store the radio frequency fingerprint characteristic vector in a memory of the authorized receiver B; S3, in a next timeslot, a sender X sends a second data packet to the authorized receiver B, and the authorized receiver B extracts a radio frequency fingerprint characteristic vector of the sender X; S4, set a radio frequency fingerprint characteristic vector sample; and S5, determine a similarity degree between the radio frequency fingerprint characteristic vector of the sender X and the radio frequency fingerprint characteristic vector sample; if the similarity degree is greater than or equal to a set threshold, the radio frequency fingerprint authentication is successful: store the radio frequency fingerprint characteristic vector of the sender X and return to step S3; otherwise, the radio frequency fingerprint authentication fails: discard the second data packet and return to step S1. The present method has the characteristics of low complexity, low time delay and high precision.

Description

Cross-layer authentication method based on radio frequency fingerprint
Technical field
The present invention relates to the field of information security technologies, and in particular to a cross-layer authentication method based on radio frequency fingerprints.
Background
The openness of wireless communication networks makes it easy for an attacker to inject malicious data or tamper with the content of legitimate messages during wireless transmission. Broadcast message authentication is an effective countermeasure against most of the attacks that may occur: it lets the intended receiver confirm that the data it receives comes from the expected source. Digital signature techniques based on public key infrastructure (such as RSA or DSA) involve intensive computation during signature authentication, and the resulting resource consumption places a heavy burden on mobile devices with very limited resources. With the development of wireless communication, the security and privacy risks of mobile e-commerce have become a focus of attention, and mobile terminals, WiFi network cards and RFID tags urgently need low-complexity, low-cost authentication. For such resource-constrained situations, lightweight cryptographic security schemes based on TESLA technology have been proposed. Although TESLA is one of the best known solutions, it still requires synchronization between nodes and is vulnerable to denial of service attacks, in which the attacker blocks the legitimate sender by continuously sending time synchronization requests, so the security strength of the lightweight cryptographic scheme is compromised. Most wireless communication solutions now authenticate only the first frame when accessing the network and do not authenticate subsequent data packets, which can lead to many security issues, such as ID tracking, man-in-the-middle attacks and malicious node attacks.
Recently, some researchers have turned to physical layer information to enhance the security of wireless communications, attempting to combine existing authentication with physical layer authentication schemes based on channel information in order to achieve lightweight and fast authentication. These studies exploit the spatial and temporal uniqueness of the physical layer channel response, so that the channel response between communication nodes can, like a fingerprint, be recognized only by the legitimate sender and receiver, and they integrate existing message authentication schemes with the physical layer authentication mechanism. However, the spatio-temporal uniqueness of the communication channel is subject to a high-speed, congested environment, and this approach is only applicable when the time interval between two time slots is less than the coherence time and the moving speed is very low. When the interval between two time slots of the communicating parties is greater than the channel coherence time, they need to perform upper layer authentication.
The uniqueness of the radio frequency (RF) fingerprint is another important resource for identifying the state of the transmitter. This uniqueness is related to the electrical components, the printed circuit board traces, the internal paths of the integrated circuits, and the filter output of the wireless transmitter as displayed at RF by a high-precision, high-bandwidth oscilloscope, and the differences are reflected in the transient signals. The RF fingerprints of devices from different manufacturers vary widely. According to reports, even wireless network cards of the same series have different radio frequency fingerprints; radio frequency fingerprints therefore differ considerably and can be used to identify wireless transmitters.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art and provide a cross-layer authentication method based on radio frequency fingerprint, which has the characteristics of low complexity, small delay and high precision, and is very suitable for a resource-limited authentication environment.
The object of the present invention is achieved by the following technical solution: a cross-layer authentication method based on radio frequency fingerprint, including the following steps:
S1. In the first time slot, the legal sender A sends the first data packet to the legal receiver B, and upper layer authentication is performed on the first data packet;
If the upper layer authentication succeeds, the trust connection between the legal sender A and the legal receiver B is established, and the process proceeds to step S2;
If the upper layer authentication fails, step S1 is repeated;
S2. The legal receiver B extracts the radio frequency fingerprint feature vector of the legal sender A, and stores the radio frequency fingerprint feature vector in the memory of the legal receiver B;
S3. In the next time slot, the sender X sends the second data packet to the legal receiver B, and the legal receiver B extracts the radio frequency fingerprint feature vector of the sender X;
S4. A radio frequency fingerprint feature vector sample is set;
S5. The legal receiver B performs radio frequency fingerprint authentication on the radio frequency fingerprint feature vector of the sender X in step S3 according to the radio frequency fingerprint feature vector, that is, determines the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vector sample;
If the similarity is greater than or equal to the set threshold, the radio frequency fingerprint authentication is successful, the sender X is the legal sender A, the radio frequency fingerprint feature vector of the sender X is stored in the memory of the legal receiver B, and the process returns to step S3;
If the similarity is less than the set threshold, the radio frequency fingerprint authentication fails, the sender X is the attacker E, the legal receiver B discards the second data packet, and the process proceeds to step S1.
The upper layer authentication uses digital signature authentication based on public key infrastructure or TESLA-based authentication.
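The receiver-side loop of steps S1 to S5, as an added Python example that is not code from the patent. The similarity measure (relative Euclidean distance to the mean of the stored window), the threshold 0.9, the window size and the timestamp age limit are assumptions, and an HMAC with a constructed key stands in for the PKI signature check because the Python standard library has no public-key signatures.

```python
import hashlib
import hmac
import math
from collections import deque

DEMO_KEY = b"constructed-demo-key"  # constructed value, stand-in for A's key material


def sign(payload, timestamp):
    """Stand-in for signing the packet hash together with the timestamp T_1."""
    msg = payload + b"|" + str(timestamp).encode()
    return hmac.new(DEMO_KEY, msg, hashlib.sha256).digest()


def make_verifier(now, max_age=300):
    """Upper-layer check (S1): valid tag and a fresh timestamp (max_age is assumed)."""
    def verify(packet):
        tag = packet.get("tag")
        if tag is None or abs(now - packet["timestamp"]) > max_age:
            return False
        return hmac.compare_digest(tag, sign(packet["payload"], packet["timestamp"]))
    return verify


def similarity(x, reference):
    """1 - relative Euclidean distance, in [0, 1] (assumed measure, not the patent's)."""
    scale = math.hypot(*x) + math.hypot(*reference)
    return 1.0 if scale == 0 else 1.0 - math.dist(x, reference) / scale


class CrossLayerReceiver:
    """Legal receiver B: upper-layer authentication once, RF fingerprint afterwards."""

    def __init__(self, verify_upper_layer, threshold=0.9, window=3):
        self.verify_upper_layer = verify_upper_layer
        self.threshold = threshold
        self.samples = deque(maxlen=window)  # S4: the last S accepted fingerprints
        self.trusted = False

    def receive(self, packet, fingerprint):
        if not self.trusted:
            # S1: no trust connection yet, so only upper-layer authentication counts.
            if not self.verify_upper_layer(packet):
                return "drop:upper-layer"
            self.trusted = True
            self.samples.clear()
            self.samples.append(list(fingerprint))  # S2: store A's fingerprint
            return "accept:upper-layer"
        # S4: build the reference from the stored window.
        count = len(self.samples)
        reference = [sum(s[i] for s in self.samples) / count
                     for i in range(len(fingerprint))]
        # S5: compare against the threshold.
        if similarity(fingerprint, reference) >= self.threshold:
            self.samples.append(list(fingerprint))  # track slow drift, back to S3
            return "accept:rf"
        # Failure: discard the packet, forget the window, fall back to S1.
        self.trusted = False
        self.samples.clear()
        return "drop:rf"


def demo():
    now = 1_700_000_000
    receiver = CrossLayerReceiver(make_verifier(now))
    fp_a = [1.00, 0.50, -0.20, 0.10]        # constructed fingerprint of sender A
    fp_a_next = [1.02, 0.49, -0.21, 0.10]   # same transmitter, small variation
    fp_e = [0.20, -0.90, 0.70, 0.40]        # constructed fingerprint of another device
    first = {"payload": b"hello", "timestamp": now, "tag": sign(b"hello", now)}
    data = {"payload": b"data", "timestamp": now}  # later packets carry no signature
    return [
        receiver.receive(first, fp_a),      # S1 + S2
        receiver.receive(data, fp_a_next),  # S5 succeeds
        receiver.receive(data, fp_e),       # S5 fails, back to S1
        receiver.receive(data, fp_a),       # unsigned packet is refused in S1
        receiver.receive(first, fp_a),      # upper-layer authentication again
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

After a fingerprint failure the receiver refuses unsigned packets even when they carry the right fingerprint, because trust is only re-established through the upper layer.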
所述上层认证采用基于公钥基础设施的数字签名认证时,步骤S1包括以下子步骤:When the upper layer authentication uses digital signature authentication based on the public key infrastructure, step S1 includes the following substeps:
S11.第一时隙中,为合法发送者A分配具有一定生命周期的匿名的公钥/私钥对<pubKA,priKA>,公钥/私钥对<pubKA,priKA>的证书为CertA,公钥/私钥对<pubKA,priKA>的虚拟ID为PVIDAS11. In the first time slot, the legal sender A is assigned an anonymous public/private key pair <pubK A , priK A >, public/private key pair <pubK A , priK A > with a certain lifetime. For Cert A , the virtual ID of the public/private key pair <pubK A , priK A > is PVID A ;
为合法接收者B分配一个具有一定生命周期的匿名的公钥/私钥对<pubKB,priKB>,公钥/私钥对<pubKB,priKB>的证书为CertB,公钥/私钥对<pubKB,priKB>的虚拟ID为PVIDBThe legal recipient B is assigned an anonymous public/private key pair <pubK B , priK B > with a certain lifetime, and the public/private key pair <pubK B , priK B > is Cert B , public key / The virtual ID of the private key pair <pubK B , priK B > is PVID B ;
S12. The legitimate sender A uses its private key priK_A to sign the hashed message of the first data packet; the first data packet is denoted
Figure PCTCN2015087880-appb-000001
The first data packet
Figure PCTCN2015087880-appb-000002
is then sent to the legitimate receiver B, i.e.:
Figure PCTCN2015087880-appb-000003
S13. After receiving the first data packet
Figure PCTCN2015087880-appb-000004
the legitimate receiver B uses the public key pubK_A to verify the signature of the first data packet
Figure PCTCN2015087880-appb-000005
as follows:
Figure PCTCN2015087880-appb-000006
where | is the concatenation operator and T_1 is the current timestamp;
S14. If the signature verification succeeds, the legitimate receiver B considers the sender of the first data packet
Figure PCTCN2015087880-appb-000007
to be the legitimate sender A, and a trusted connection is established between the legitimate sender A and the legitimate receiver B;
S15. If the signature verification fails, the legitimate receiver B discards the first data packet
Figure PCTCN2015087880-appb-000008
and the method jumps to step S12.
The step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the legitimate sender A and the step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the sender X both include the following steps:
S01. The legitimate receiver B receives the radio frequency signal;
S02. The legitimate receiver B analyzes the received radio frequency signal using the Hilbert transform, then calculates the instantaneous phase of the radio frequency signal and detects the transient signal by phase detection;
S03. The legitimate receiver B obtains a smooth instantaneous envelope curve by means of a wavelet analysis transform;
S04. A fitting curve is applied to the instantaneous envelope curve to obtain the fitting coefficients, i.e. the radio frequency fingerprint feature vector is extracted.
The recognizers used for radio frequency fingerprint authentication in step S5 are an SVM recognizer and a BP neural network recognizer.
The test algorithm used for radio frequency fingerprint authentication in step S5 is the likelihood ratio test or the sequential probability ratio test.
A step of setting the threshold is also included before step S5.
The radio frequency fingerprint feature sample in step S4 includes one or more of the radio frequency fingerprint feature vectors stored in the memory of the legitimate receiver B.
The beneficial effects of the invention are:
(1) The invention performs upper-layer identity authentication on the first data packet, using digital signature authentication based on public key infrastructure or TESLA-based authentication, only when the trusted connection between the legitimate sender A and the legitimate receiver B is established; subsequent data packets are authenticated by radio frequency fingerprint authentication, which gives low computational complexity and small delay;
(2) Because the radio frequency fingerprint feature vector does not change over time, the interval between two time slots can be as long as several hours or even several days, provided that radio frequency fingerprint authentication has not failed and the communication stays connected;
(3) Throughout the communication, because the differences between radio frequency fingerprint feature vectors show up between transient signals, the attacker E cannot obtain the radio frequency fingerprint feature of the legitimate sender A extracted by the legitimate receiver B, and therefore cannot tamper with, forward or forge the data packets sent by the legitimate sender A, which ensures communication security.
Brief description of the drawings
FIG. 1 is a flowchart of the radio frequency fingerprint-based cross-layer authentication method of the present invention;
FIG. 2 is a flowchart of extracting the radio frequency fingerprint feature vector in the present invention;
FIG. 3 shows an embodiment of the present invention.
Detailed description
The technical solution of the present invention is described in further detail below with reference to the accompanying drawings, but the scope of protection of the present invention is not limited to what is described below.
As shown in FIG. 1, the radio frequency fingerprint-based cross-layer authentication method includes the following steps:
S1. In the first time slot, the legitimate sender A sends the first data packet to the legitimate receiver B, and upper-layer authentication is performed on the first data packet;
if the upper-layer authentication succeeds, a trusted connection is established between the legitimate sender A and the legitimate receiver B, and the method jumps to step S2;
if the upper-layer authentication fails, step S1 is repeated.
The identity authentication of the first data packet uses digital signature authentication based on public key infrastructure or TESLA-based authentication.
When the identity authentication of the first data packet uses digital signature authentication based on public key infrastructure, step S1 includes the following sub-steps:
S11. In the first time slot, the legitimate sender A is assigned an anonymous public/private key pair <pubK_A, priK_A> with a certain lifetime; the certificate of the key pair <pubK_A, priK_A> is Cert_A, and the virtual ID of the key pair <pubK_A, priK_A> is PVID_A;
the legitimate receiver B is assigned an anonymous public/private key pair <pubK_B, priK_B> with a certain lifetime; the certificate of the key pair <pubK_B, priK_B> is Cert_B, and the virtual ID of the key pair <pubK_B, priK_B> is PVID_B. The lifetime of the key pairs <pubK_A, priK_A> and <pubK_B, priK_B> is generally a few minutes.
S12. The legitimate sender A uses its private key priK_A to sign the hashed message of the first data packet; the first data packet is denoted
Figure PCTCN2015087880-appb-000009
The first data packet
Figure PCTCN2015087880-appb-000010
is then sent to the legitimate receiver B, i.e.:
Figure PCTCN2015087880-appb-000011
S13. After receiving the first data packet
Figure PCTCN2015087880-appb-000012
the legitimate receiver B uses the public key pubK_A to verify the signature of the first data packet
Figure PCTCN2015087880-appb-000013
as follows:
Figure PCTCN2015087880-appb-000014
where | is the concatenation operator and T_1 is the current timestamp.
S14. If the signature verification succeeds, the legitimate receiver B considers the sender of the first data packet
Figure PCTCN2015087880-appb-000015
to be the legitimate sender A, and a trusted connection is established between the legitimate sender A and the legitimate receiver B.
S15. If the signature verification fails, the legitimate receiver B discards the first data packet
Figure PCTCN2015087880-appb-000016
and the method jumps to step S12.
S2. The legitimate receiver B extracts the radio frequency fingerprint feature vector of the legitimate sender A and stores it in the memory of the legitimate receiver B.
S3. In the next time slot, the sender X sends the second data packet to the legitimate receiver B, and the legitimate receiver B extracts the radio frequency fingerprint feature vector of the sender X.
As shown in FIG. 2, the step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the legitimate sender A and the step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the sender X both include the following steps:
S01. The legitimate receiver B receives the radio frequency signal;
S02. The legitimate receiver B analyzes the received radio frequency signal using the Hilbert transform, then calculates the instantaneous phase of the radio frequency signal and detects the transient signal by phase detection;
S03. The legitimate receiver B obtains a smooth instantaneous envelope curve by means of a wavelet analysis transform;
S04. A fitting curve is applied to the instantaneous envelope curve to obtain the fitting coefficients, i.e. the radio frequency fingerprint feature vector is extracted.
S4. Set the radio frequency fingerprint feature vector sample. The radio frequency fingerprint feature sample in step S4 includes one or more of the radio frequency fingerprint feature vectors stored in the memory of the legitimate receiver B; that is, when the legitimate receiver B judges for the k-th time the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vectors contained in the sample, the sample consists of the (k-S-1)-th to (k-1)-th radio frequency fingerprint feature vectors stored by the legitimate receiver B, where the value of S is determined by the test algorithm.
S5. The legitimate receiver B performs radio frequency fingerprint authentication on the radio frequency fingerprint feature vector of the sender X from step S3 according to the radio frequency fingerprint feature vector, i.e. it determines the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vectors contained in the radio frequency fingerprint feature vector sample;
if the similarity is greater than or equal to the set threshold, radio frequency fingerprint authentication succeeds and the sender X is the legitimate sender A; the radio frequency fingerprint feature vector of the sender X is stored in the memory of the legitimate receiver B, and the method jumps to step S3;
if the similarity is less than the set threshold, radio frequency fingerprint authentication fails and the sender X is the attacker E; the legitimate receiver B discards the second data packet, and the method jumps to step S1.
The recognizers used for radio frequency fingerprint authentication in step S5 are an SVM recognizer and a BP neural network recognizer. Based on the radio frequency fingerprint feature vector sample, the legitimate receiver B uses the SVM recognizer and the BP neural network recognizer to identify the radio frequency fingerprint feature vector, and thereby performs radio frequency fingerprint verification on the received data packet.
The test algorithm used for radio frequency fingerprint authentication in step S5 is the likelihood ratio test or the sequential probability ratio test. The test algorithm determines the radio frequency fingerprint feature vectors contained in the radio frequency fingerprint feature vector sample.
A step of setting the threshold is also included before step S5.
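Steps S01 to S04 above, as an added example that is not part of the patent text: the patent names only the kind of operation at each step, so the FIR Hilbert transformer, the phase-variance transient detector, the Haar wavelet, the cubic fit, all numeric parameters and the synthetic captures below are assumptions chosen to make the pipeline concrete and runnable.

```python
import cmath
import math
import random


def analytic(x, half=15):
    """S02: analytic signal x + j*H{x}; H is a Hamming-windowed FIR Hilbert transformer."""
    taps = {k: 2 / (math.pi * k) * (0.54 + 0.46 * math.cos(math.pi * k / half))
            for k in range(-half, half + 1) if k % 2}          # odd taps only
    n = len(x)
    return [complex(x[i], sum(h * x[i - k] for k, h in taps.items() if 0 <= i - k < n))
            for i in range(n)]


def transient_start(z, win=32, var_limit=0.01):
    """S02: first index where the instantaneous-phase step becomes steady.

    Noise gives erratic phase steps; a carrier gives a near-constant step, so the
    variance of the steps over a sliding window collapses where the transient begins.
    """
    dphi = [cmath.phase(z[i + 1] * z[i].conjugate()) for i in range(len(z) - 1)]
    for i in range(len(dphi) - win + 1):
        w = dphi[i:i + win]
        mean = sum(w) / win
        if sum((d - mean) ** 2 for d in w) / win < var_limit:
            return i
    return None


def haar_smooth(x, levels=3):
    """S03: Haar wavelet approximation (detail coefficients discarded, then reconstructed)."""
    approx = list(x)
    for _ in range(levels):                                     # analysis: pairwise means
        approx = [(approx[i] + approx[i + 1]) / 2 for i in range(0, len(approx), 2)]
    for _ in range(levels):                                     # synthesis with zero details
        approx = [v for v in approx for _ in range(2)]
    return approx


def polyfit(y, degree=3):
    """S04: least-squares polynomial over u in [0, 1]; returns [c0, c1, ...]."""
    m = degree + 1
    u = [i / (len(y) - 1) for i in range(len(y))]
    # augmented normal equations (V^T V | V^T y), solved by Gauss-Jordan with pivoting
    a = [[sum(t ** (r + c) for t in u) for c in range(m)]
         + [sum(v * t ** r for t, v in zip(u, y))] for r in range(m)]
    for col in range(m):
        piv = max(range(col, m), key=lambda r: abs(a[r][col]))
        a[col], a[piv] = a[piv], a[col]
        for r in range(m):
            if r != col:
                f = a[r][col] / a[col][col]
                a[r] = [p - f * q for p, q in zip(a[r], a[col])]
    return [a[r][m] / a[r][r] for r in range(m)]


def rf_fingerprint(x, seg_len=64):
    """S01-S04 on one capture: returns (transient start index, fitting coefficients)."""
    z = analytic(x)
    t0 = transient_start(z)
    if t0 is None or t0 + seg_len > len(z):
        raise ValueError("no usable transient in capture")
    envelope = [abs(v) for v in z[t0:t0 + seg_len]]
    return t0, polyfit(haar_smooth(envelope))


def capture(tau, seed, n=512, start=128, noise=0.005, omega=math.pi / 4):
    """Constructed input: noise floor, then a carrier whose turn-on envelope has time constant tau."""
    rng = random.Random(seed)
    out = []
    for i in range(n):
        t = i - start
        burst = (1 - math.exp(-t / tau)) * math.cos(omega * t) if t >= 0 else 0.0
        out.append(burst + rng.gauss(0, noise))
    return out


if __name__ == "__main__":
    for name, tau, seed in (("A, capture 1", 10, 1), ("A, capture 2", 10, 2), ("E", 40, 3)):
        t0, vec = rf_fingerprint(capture(tau, seed))
        print(name, t0, [round(c, 3) for c in vec])
```

Two captures of the same constructed transmitter differ only in noise and yield nearby coefficient vectors, while a transmitter with a different turn-on time constant lands far away; that separation is what the threshold in step S5 relies on.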
The invention performs upper-layer identity authentication on the first data packet, using digital signature authentication based on public key infrastructure or TESLA-based authentication, only when the trusted connection between the legitimate sender A and the legitimate receiver B is established; in subsequent time slots, as long as radio frequency fingerprint authentication has not failed and the communication between the legitimate sender A and the legitimate receiver B remains connected, the legitimate receiver B only needs to perform radio frequency fingerprint authentication on the received data packets, which gives low computational complexity and small delay.
Because the radio frequency fingerprint feature does not change over time, the interval between two time slots can be as long as several hours or even several days, provided that radio frequency fingerprint authentication has not failed and the communication stays connected; when radio frequency fingerprint authentication fails, or the connection has to be re-established after the communication is interrupted, upper-layer authentication of the data packet is required again. Throughout the communication, because the differences between radio frequency fingerprint features show up between transient signals, the attacker E cannot obtain the radio frequency fingerprint feature of the legitimate sender A extracted by the legitimate receiver B, and therefore cannot tamper with, forward or forge the data packets sent by the legitimate sender A, which ensures communication security.
As shown in FIG. 3, in the first time slot the legitimate sender A sends the first data packet to the legitimate receiver B, and the legitimate receiver B authenticates the first data packet using digital signature authentication based on public key infrastructure: if the authentication succeeds, the radio frequency fingerprint feature vector RF_AB,1 of the legitimate sender A is extracted and saved; if the authentication fails, the current data packet is discarded, the legitimate sender A resends the first data packet, and the legitimate receiver B authenticates the first data packet using digital signature authentication based on public key infrastructure.
In the second time slot, the sender X sends the second data packet
Figure PCTCN2015087880-appb-000017
to the legitimate receiver B, and the legitimate receiver B extracts the radio frequency fingerprint feature vector RF_AB,2 of the sender X; based on the radio frequency fingerprint feature vector RF_AB,1, the legitimate receiver B applies the likelihood ratio test, the sequential probability ratio test or the like to perform radio frequency fingerprint authentication on the radio frequency fingerprint feature vector RF_AB,2; if radio frequency fingerprint authentication succeeds, the radio frequency fingerprint feature vector RF_AB,2 is saved and the sender X sends the next data packet to the legitimate receiver B; if radio frequency fingerprint authentication fails, the current data packet is discarded, the legitimate sender A resends the first data packet, and the legitimate receiver B authenticates the first data packet using digital signature authentication based on public key infrastructure.
In the K-th time slot, the sender X sends the K-th data packet
Figure PCTCN2015087880-appb-000018
to the legitimate receiver B, and the legitimate receiver B extracts the radio frequency fingerprint feature vector RF_AB,k of the sender X; based on the radio frequency fingerprint feature vectors RF_AB,k-1, …, RF_AB,k-S-1, the legitimate receiver B applies the likelihood ratio test, the sequential probability ratio test or the like to perform radio frequency fingerprint authentication on the radio frequency fingerprint feature vector RF_AB,k, where the value of S is determined by the selected algorithm; if radio frequency fingerprint authentication succeeds, the radio frequency fingerprint feature vector RF_AB,k is saved and the sender X sends the next data packet to the legitimate receiver B; if radio frequency fingerprint authentication fails, the current data packet is discarded, the legitimate sender A resends the first data packet, and the legitimate receiver B authenticates the first data packet using digital signature authentication based on public key infrastructure.
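The receiver-side decision logic of steps S1 to S5 and of the FIG. 3 walk-through, as an added example that is not part of the patent text. Assumptions: the similarity measure (inverse of one plus the distance to the mean of the stored sample), the threshold value, clearing the stored sample when trust is re-established, the constructed fingerprint vectors, and an HMAC check standing in for the PKI signature or TESLA verification so that the example runs with the standard library only.

```python
import hashlib
import hmac
import math
from collections import deque

ACCEPT_UPPER, ACCEPT_RF, DROP_UPPER, DROP_RF = "accept-upper", "accept-rf", "drop-upper", "drop-rf"


class CrossLayerReceiver:
    """State kept by receiver B for one link, following steps S1-S5."""

    def __init__(self, verify_upper_layer, threshold, s=2):
        self.verify_upper_layer = verify_upper_layer   # S1 check supplied by the caller
        self.threshold = threshold                     # set before S5
        self.sample = deque(maxlen=s + 1)              # S4: vectors k-S-1 .. k-1
        self.trusted = False

    def similarity(self, vec):
        """Assumed measure: 1 / (1 + distance to the mean of the stored sample)."""
        mean = [sum(col) / len(self.sample) for col in zip(*self.sample)]
        return 1.0 / (1.0 + math.dist(vec, mean))

    def on_packet(self, packet, fingerprint):
        if not self.trusted:                           # S1: upper-layer authentication
            if not self.verify_upper_layer(packet):
                return DROP_UPPER                      # repeat S1
            self.sample.clear()                        # assumption: restart the reference set
            self.sample.append(fingerprint)            # S2: store A's fingerprint
            self.trusted = True
            return ACCEPT_UPPER
        if self.similarity(fingerprint) >= self.threshold:   # S5
            self.sample.append(fingerprint)            # newest vector in, oldest drops out
            return ACCEPT_RF
        self.trusted = False                           # X treated as attacker E: back to S1
        return DROP_RF


KEY = b"constructed-demo-key"                          # constructed value for the stand-in check


def make_packet(payload, key=KEY):
    return {"payload": payload, "tag": hmac.new(key, payload, hashlib.sha256).digest()}


def verify_stand_in(packet, key=KEY):
    """Stand-in for the upper-layer check (the patent uses PKI signatures or TESLA)."""
    expected = hmac.new(key, packet["payload"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, packet["tag"])


def run_demo():
    rx = CrossLayerReceiver(verify_stand_in, threshold=0.8, s=2)
    # constructed fitting-coefficient vectors: four captures of A, one of E
    a = [[0.10, 2.90, -3.10, 1.20], [0.11, 2.88, -3.07, 1.19],
         [0.09, 2.93, -3.12, 1.22], [0.10, 2.91, -3.09, 1.21]]
    e = [0.05, 1.80, -1.20, 0.30]
    untagged = {"payload": b"data", "tag": b""}
    events = [
        ({"payload": b"slot-1", "tag": b"\x00" * 32}, a[0]),  # bad credential in slot 1
        (make_packet(b"slot-1"), a[0]),                        # valid credential: trust + S2
        (untagged, a[1]),                                      # later slots: fingerprint only
        (untagged, a[2]),
        (untagged, e),                                         # different transmitter
        (untagged, a[3]),                                      # A again, but trust is gone
        (make_packet(b"slot-1-retry"), a[3]),                  # upper layer re-establishes trust
        (untagged, a[1]),
    ]
    return [rx.on_packet(p, f) for p, f in events]


if __name__ == "__main__":
    print(run_demo())
```

The sixth event is the one to note: after a fingerprint failure, a matching fingerprint alone is no longer enough, and nothing is accepted until upper-layer authentication succeeds again.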

Claims (8)

  1. A radio frequency fingerprint-based cross-layer authentication method, characterized by comprising the following steps:
    S1. In the first time slot, the legitimate sender A sends the first data packet to the legitimate receiver B, and upper-layer authentication is performed on the first data packet;
    if the upper-layer authentication succeeds, a trusted connection is established between the legitimate sender A and the legitimate receiver B, and the method jumps to step S2;
    if the upper-layer authentication fails, step S1 is repeated;
    S2. The legitimate receiver B extracts the radio frequency fingerprint feature vector of the legitimate sender A and stores it in the memory of the legitimate receiver B;
    S3. In the next time slot, the sender X sends the second data packet to the legitimate receiver B, and the legitimate receiver B extracts the radio frequency fingerprint feature vector of the sender X;
    S4. Set the radio frequency fingerprint feature vector sample;
    S5. The legitimate receiver B performs radio frequency fingerprint authentication on the radio frequency fingerprint feature vector of the sender X from step S3 according to the radio frequency fingerprint feature vector, i.e. it determines the similarity between the radio frequency fingerprint feature vector of the sender X and the radio frequency fingerprint feature vector sample;
    if the similarity is greater than or equal to the set threshold, radio frequency fingerprint authentication succeeds and the sender X is the legitimate sender A; the radio frequency fingerprint feature vector of the sender X is stored in the memory of the legitimate receiver B, and the method jumps to step S3;
    if the similarity is less than the set threshold, radio frequency fingerprint authentication fails and the sender X is the attacker E; the legitimate receiver B discards the second data packet, and the method jumps to step S1.
  2. The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that the upper-layer authentication uses digital signature authentication based on public key infrastructure or TESLA-based authentication.
  3. The radio frequency fingerprint-based cross-layer authentication method according to claim 2, characterized in that, when the upper-layer authentication uses digital signature authentication based on public key infrastructure, step S1 includes the following sub-steps:
    S11. In the first time slot, the legitimate sender A is assigned an anonymous public/private key pair <pubK_A, priK_A> with a certain lifetime; the certificate of the key pair <pubK_A, priK_A> is Cert_A, and the virtual ID of the key pair <pubK_A, priK_A> is PVID_A;
    the legitimate receiver B is assigned an anonymous public/private key pair <pubK_B, priK_B> with a certain lifetime; the certificate of the key pair <pubK_B, priK_B> is Cert_B, and the virtual ID of the key pair <pubK_B, priK_B> is PVID_B;
    S12. The legitimate sender A uses its private key priK_A to sign the hashed message of the first data packet; the first data packet is denoted
    Figure PCTCN2015087880-appb-100001
    The first data packet
    Figure PCTCN2015087880-appb-100002
    is then sent to the legitimate receiver B, i.e.:
    Figure PCTCN2015087880-appb-100003
    S13. After receiving the first data packet
    Figure PCTCN2015087880-appb-100004
    the legitimate receiver B uses the public key pubK_A to verify the signature of the first data packet
    Figure PCTCN2015087880-appb-100005
    as follows:
    Figure PCTCN2015087880-appb-100006
    where | is the concatenation operator and T_1 is the current timestamp;
    S14. If the signature verification succeeds, the legitimate receiver B considers the sender of the first data packet
    Figure PCTCN2015087880-appb-100007
    to be the legitimate sender A, and a trusted connection is established between the legitimate sender A and the legitimate receiver B;
    S15. If the signature verification fails, the legitimate receiver B discards the first data packet
    Figure PCTCN2015087880-appb-100008
    and the method jumps to step S12.
  4. The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that the step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the legitimate sender A and the step in which the legitimate receiver B extracts the radio frequency fingerprint feature vector of the sender X both include the following steps:
    S01. The legitimate receiver B receives the radio frequency signal;
    S02. The legitimate receiver B analyzes the received radio frequency signal using the Hilbert transform, then calculates the instantaneous phase of the radio frequency signal and detects the transient signal by phase detection;
    S03. The legitimate receiver B obtains a smooth instantaneous envelope curve by means of a wavelet analysis transform;
    S04. A fitting curve is applied to the instantaneous envelope curve to obtain the fitting coefficients, i.e. the radio frequency fingerprint feature vector is extracted.
  5. The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that the recognizers used for radio frequency fingerprint authentication in step S5 are an SVM recognizer and a BP neural network recognizer.
  6. The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that the test algorithm used for radio frequency fingerprint authentication in step S5 is the likelihood ratio test or the sequential probability ratio test.
  7. The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that a step of setting the threshold is also included before step S5.
  8. The radio frequency fingerprint-based cross-layer authentication method according to claim 1, characterized in that the radio frequency fingerprint feature sample in step S4 includes one or more of the radio frequency fingerprint feature vectors stored in the memory of the legitimate receiver B.
PCT/CN2015/087880 2015-08-19 2015-08-24 Radio frequency fingerprint-based cross-layer authentication method WO2017028323A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/310,780 US10251058B2 (en) 2015-08-19 2015-08-24 Cross-layer authentication method based on radio frequency fingerprint

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510512638.8 2015-08-19
CN201510512638.8A CN105162778B (en) 2015-08-19 2015-08-19 Cross-layer authentication method based on radio-frequency fingerprint

Publications (1)

Publication Number Publication Date
WO2017028323A1 (en) 2017-02-23

Family

ID=54803532

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/087880 WO2017028323A1 (en) 2015-08-19 2015-08-24 Radio frequency fingerprint-based cross-layer authentication method

Country Status (3)

Country Link
US (1) US10251058B2 (en)
CN (1) CN105162778B (en)
WO (1) WO2017028323A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022116314A1 (en) * 2020-12-03 2022-06-09 深圳大学 Lightweight active cross-level verification method for smart grid

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635125A (en) * 2015-12-25 2016-06-01 电子科技大学 Physical layer combined authentication method based on RF fingerprint and channel information
CN105763492B (en) * 2016-04-26 2018-10-19 电子科技大学 Physical layer authentication method based on basis expansion model channel information
CN105959337B (en) * 2016-07-25 2019-01-29 电子科技大学 A kind of Sybil node recognition methods based on physical layer degree of belief
CN106446877B (en) * 2016-11-21 2019-07-30 电子科技大学 A kind of radio-frequency fingerprint feature extraction and recognition methods based on signal amplitude sequence
WO2018098641A1 (en) * 2016-11-29 2018-06-07 华为技术有限公司 Network security protection method and device
CN107046468B (en) * 2017-06-14 2020-10-02 电子科技大学 Physical layer authentication threshold determination method and system
WO2019061515A1 (en) * 2017-09-30 2019-04-04 深圳大学 Robust wireless communication physical layer slope authentication method and device
CN108171183B (en) * 2018-01-02 2021-01-22 京东方科技集团股份有限公司 Display substrate, manufacturing method thereof, display device and fingerprint identification method
CN108173871B (en) * 2018-01-19 2020-02-21 西安电子科技大学 Wireless network access authentication system and method based on radio frequency fingerprint and biological fingerprint
CN108960138B (en) * 2018-07-03 2019-07-02 南方电网科学研究院有限责任公司 A kind of equipment authentication feature recognition methods based on convolutional neural networks
CN108966232B (en) * 2018-09-28 2021-04-20 深圳大学 Service network-based wireless Internet of things physical layer hybrid authentication method and system
CN109587136B (en) * 2018-12-05 2020-06-19 电子科技大学 Radio frequency fingerprint feature extraction and identification method based on double maximum values
CN109919015A (en) * 2019-01-28 2019-06-21 东南大学 A kind of radio-frequency fingerprint extraction and recognition methods based on more sampling convolutional neural networks
CN110035425B (en) * 2019-04-04 2021-10-01 中国科学技术大学 Physical fingerprint extraction method for wireless equipment based on wireless network card
US11363416B2 (en) * 2019-10-04 2022-06-14 Samsung Electronics Co., Ltd. System and method for WiFi-based indoor localization via unsupervised domain adaptation
NL2024474B1 (en) * 2019-12-17 2020-10-15 Electric Power Res Institute China Southern Power Grid Co Ltd A malicious node identification method based on the edge computing
CN112074002B (en) * 2020-08-28 2023-01-31 国网电力科学研究院有限公司 Access authentication method and system for electric power wireless private network equipment
CN114997299B (en) * 2022-05-27 2024-04-16 电子科技大学 Radio frequency fingerprint identification method in resource limited environment
CN115643575B (en) * 2022-12-26 2023-03-10 电子科技大学 Radio frequency fingerprint cross-layer security access authentication method based on block chain under edge calculation

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070005367A1 (en) * 2005-06-29 2007-01-04 Microsoft Corporation Radio frequency certificates of authenticity
CN101594229A (en) * 2009-06-30 2009-12-02 华南理工大学 A kind of trusted network connection system and method based on combined public key
CN102256249A (en) * 2011-04-02 2011-11-23 电子科技大学 Identity authentication method and equipment applied to wireless network
CN102904724A (en) * 2012-10-17 2013-01-30 南通大学 Radio-frequency-fingerprint-based challenge-response authentication protocol method
CN203204630U (en) * 2013-04-25 2013-09-18 深圳市雄帝科技股份有限公司 USBKEY authentication device based on radio frequency identity-authentication card authentication

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7310734B2 (en) * 2001-02-01 2007-12-18 3M Innovative Properties Company Method and system for securing a computer network and personal identification device used therein for controlling access to network components
CN101277182A (en) * 2008-03-14 2008-10-01 北京信联恒业通讯技术有限公司 Method for acquiring dynamic password based on public key architecture-user personal identification card
US9560073B2 (en) * 2011-09-08 2017-01-31 Drexel University Reconfigurable antenna based solutions for device authentication and intrusion detection in wireless networks
KR101385929B1 (en) * 2013-07-17 2014-04-16 (주)세이퍼존 Certification and storage device with multi connector and finger print sensor
US9674700B2 (en) * 2014-11-04 2017-06-06 Qualcomm Incorporated Distributing biometric authentication between devices in an ad hoc network

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022116314A1 (en) * 2020-12-03 2022-06-09 深圳大学 Lightweight active cross-level verification method for smart grid

Also Published As

Publication number Publication date
CN105162778A (en) 2015-12-16
CN105162778B (en) 2018-06-26
US20170251364A1 (en) 2017-08-31
US10251058B2 (en) 2019-04-02

Similar Documents

Publication Publication Date Title
WO2017028323A1 (en) Radio frequency fingerprint-based cross-layer authentication method
Ferrag et al. Security for 4G and 5G cellular networks: A survey of existing authentication and privacy-preserving schemes
US9450756B2 (en) Method and system for authenticating entity based on symmetric encryption algorithm
CN107046468B (en) Physical layer authentication threshold determination method and system
JP5682083B2 (en) Suspicious wireless access point detection
KR101270372B1 (en) Authentication for secure wireless communication
US10764066B2 (en) EUICC secure timing and certificate revocation
CN113614572A (en) Base station location authentication
Zhao et al. A robust authentication scheme based on physical-layer phase noise fingerprint for emerging wireless networks
CN102223637A (en) Identity authentication method and system based on wireless channel characteristic
Weinand et al. Physical layer authentication for mission critical machine type communication using Gaussian mixture model based clustering
CN110035425B (en) Physical fingerprint extraction method for wireless equipment based on wireless network card
US20230319557A1 (en) Authentication method and related apparatus
Shawky et al. Adaptive chaotic map-based key extraction for efficient cross-layer authentication in VANETs
Ma et al. A pseudonym based anonymous identity authentication mechanism for mobile crowd sensing
CN113518083A (en) Lightweight security authentication method and device based on device fingerprint and PUF
Shawky et al. Cross-layer authentication based on physical-layer signatures for secure vehicular communication
Ajit et al. Formal Verification of 5G EAP-AKA protocol
Yan et al. A certificateless efficient and secure group handover authentication protocol in 5G enabled vehicular networks
CN113709729B (en) Data processing method, device, network equipment and terminal
Hemavathi et al. Ds2an: Deep stacked sparse autoencoder for secure and fast authentication in hetnets
Yang et al. AKA-PLA: enhanced AKA based on physical layer authentication
Eze et al. Systematic Review on the Recent Trends of Cybersecurity in Automobile Industry
CN113365275B (en) Identity authentication system and method based on infrared communication
AlAali et al. Cybersecurity Threats and Solutions of IoT Network Layer

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase. Ref document number: 15310780; Country of ref document: US
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 15901527; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 15901527; Country of ref document: EP; Kind code of ref document: A1